Improper Certificate Handling in CP Plus Security Camera
CVE-2024-54848

7.4HIGH

Key Information:

Vendor: CP Plus
Vendor: CVE Published:; 10 January 2025

What is CVE-2024-54848?

This vulnerability arises from the improper handling and storage of cryptographic certificates within the CP Plus CP-VNR-3104 B3223P22C02424 device. As a result, attackers can potentially exploit this weakness to decrypt sensitive communications or execute man-in-the-middle attacks, compromising the privacy and integrity of the data transmitted between the device and its users. This poses a significant security risk, especially in environments where confidential information is handled.

References

https://payatu.com/blog/solving-the-problem-of-encrypted-...

https://capec.mitre.org/data/definitions/233

https://nvd.nist.gov/vuln/detail/CVE-2021-21551

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2025

CVE-2024-54848 Data

JSON